System and method for processing conditional access data

ABSTRACT

A computer-implemented method is disclosed comprising: storing a first encrypted multimedia stream on a storage device as the stream is broadcast by a content provider; storing a stream of conditional access data on the storage device, the stream of conditional access data associated with the multimedia stream; and decrypting the first encrypted multimedia stream from a specified point within the encrypted multimedia stream using the stream of conditional access data, responsive to a user request to play back the encrypted multimedia stream from the specified point.

BACKGROUND

[0001] 1. Field of the Invention

[0002] This invention relates generally to the field of multimedia systems. More particularly, the invention relates to a multimedia system capable of intelligently processing and storing several independent broadcast multimedia streams (e.g., broadcast cable or satellite streams).

[0003] 2. Description of the Related Art

[0004] A prior art system for receiving broadcast multimedia signals is illustrated in FIG. 1. The system includes one or more tuners 120, 121 configured to lock on to multimedia signals 100, 101 transmitted at a carrier frequency and down-convert the signals to baseband signals. Quadrature Amplitude Modulation (“QAM”) demodulators 130, 131 demodulate the baseband signals to extract the underlying digital content. As is known in the art, QAM is a modulation technique employed by cable and satellite providers that generates four bits out of one baud. For example, a 600 baud line (600 shifts in the signal per second) can effectively transmit 2,400 bps using this method. Both phase and amplitude are shaped with each baud, resulting in four possible patterns. As indicated in FIG. 1, certain multimedia systems (primarily satellite systems) use a different modulation technique known as Differential Phase Shift Keying (“DPSK”) rather than QAM to demodulate the multimedia signals 100-101.

[0005] The video signal demodulated by the QAM/DPSK demodulators 130, 131 contains a plurality of statistically multiplexed multimedia streams, each containing content for a single cable or satellite “channel” (e.g., HBO). Satellite systems employ a series of transponders for receiving the multiplexed streams and cable systems typically receive the multiplexed streams over 6 Mhz channels. In either case, the multiplexed streams are transmitted at a combined data rate of approximately 40 Mbits/second, as indicated in FIG. 1.

[0006] Referring to FIG. 2, each stream/channel may be identified by a predetermined group of packet identification (“PID”) codes. PID filter modules 140, 141 extract all packets from the set of multiplexed streams having PID codes associated with a specified stream (e.g., the stream which a user is currently watching). For example, in FIG. 2, PID 7 identifies the specified stream's video content and PIDs 5 and 6 identify the stream's audio left and audio right, respectively. Various additional PIDs may be associated with a stream and used to transmit channel-specific data/content (e.g., dolby digital content, . . . etc).

[0007] The multimedia content contained in the stream is then stored on a mass storage device 160, which may be used for temporary storage and/or long term storage of the content. Temporary storage features include pause and rewind functions for live television broadcasts and the ability to begin watching a program after the designated start time for the program. Long term storage functions include the ability to record entire programs for later viewing (similar to the functions provided by standard VCR). The multimedia content is then decompressed/decoded by one or more MPEG-2 decoder modules 170 before being rendered on a television display 135.

[0008] As illustrated in FIG. 1, prior art systems may also utilize a main memory 126 for storing instructions and data and a central processing unit (“CPU”) 125 for executing the instructions and data. For example, the CPU may provide a graphical user interface displayed on the television, allowing the user to select certain television or audio programs for playback and/or storage on the mass storage device 120. In addition, prior art system also include one or more conditional access modules (not shown) for preventing users from viewing programs which they do not have the right to view (e.g., subscription-based channels such as HBO and pay-per-view events).

SUMMARY OF THE INVENTION

[0009] A computer-implemented method is disclosed comprising: storing a first encrypted multimedia stream on a storage device as the stream is broadcast by a content provider; storing a stream of conditional access data on the storage device, the stream of conditional access data associated with the multimedia stream; and decrypting the first encrypted multimedia stream from a specified point within the encrypted multimedia stream using the stream of conditional access data, responsive to a user request to play back the encrypted multimedia stream from the specified point.

BRIEF DESCRIPTION OF THE DRAWINGS

[0010] A better understanding of the present invention can be obtained from the following detailed description in conjunction with the following drawings, in which:

[0011]FIG. 1 illustrates a prior art multimedia receiver, storage and playback system.

[0012]FIG. 2 illustrates packetized, statistically multiplexed multimedia content as processed by a prior art system.

[0013]FIG. 3 illustrates one embodiment of a system for storing and processing multiple broadcast multimedia streams.

[0014]FIG. 4 illustrates an embodiment of a system for storing and processing multiple broadcast multimedia streams wherein the streams are demultiplexed before being stored.

[0015]FIG. 5 illustrates more detail of an embodiment of a system for storing and processing multiple broadcast multimedia streams wherein the streams are demultiplexed before being stored.

[0016]FIG. 6 illustrates operation of one embodiment which employs a buffer of a specified duration.

[0017]FIG. 7 illustrates an embodiment in which a user may watch any program currently being broadcast from the beginning.

[0018]FIG. 8 illustrates a graphical user interface for selecting programs from a program guide and/or acquiring additional program-related information according to one embodiment of the invention.

[0019]FIG. 9 illustrates a wideband implementation according to one embodiment of the invention.

[0020]FIG. 10 illustrates operation of a conditional access module and a secure micro unit.

[0021]FIG. 11 illustrates a system for processing multiple multimedia streams and associated conditional access data.

[0022]FIG. 12 illustrates a timestamp index employed in one embodiment of the invention.

[0023]FIG. 13 illustrates techniques for identifying I-frames within a multimedia stream.

[0024]FIG. 14 illustrates operation of a fast forward function according to one embodiment of the invention.

[0025]FIG. 15 illustrates an embodiment witch includes one or more remote nodes for processing multimedia content.

DETAILED DESCRIPTION

[0026] In the following description, for the purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the present invention. It will be apparent, however, to one skilled in the art that the invention may be practiced without some of these specific details. In other instances, well-known structures and devices are shown in block diagram form to avoid obscuring the underlying principles of the invention.

Embodiments of a System and Method for Processing Multiple Broadcast Multimedia Streams

[0027] As illustrated in FIG. 3, one embodiment of the invention includes one or more tuners 320, 321 for receiving numerous statistically multiplexed streams within a specified frequency range and corresponding QAM and/or DPSK modules 330, 331 for demodulating the multiplexed streams. Unlike prior art systems, however, the system illustrated in FIG. 3 transfers all of the statistically multiplexed multimedia content (or a subset thereof) directly to multi-stream buffers 361, 362 on the mass storage device 360. The buffers may be configured to store a specified duration of content (e.g., two hours) and/or a specified amount of content (e.g., 80 Gbytes). When a user selects a particular cable or satellite channel, the PID filter modules 340 and 341 (also referred to herein as a “PID depacketizer”) extract the multimedia packets for that channel (i.e., identified by the channel's PID codes) and reconstruct the underlying audio/video content by combining the packets in the proper order (i.e., the PID filter modules demultiplex and/or depacketize the content). One or more decoder modules 170 then decode the multimedia content using the appropriate decode/decompression algorithm (e.g., MPEG-2 , MPEG-4 , RealVideo® 8, Windows Media Technologies (“WMT”), . . . etc) and transmit the decoded multimedia content to a display 135 (e.g., a computer monitor or a television).

[0028] As mentioned above, if MPEG-2 is used as the compression algorithm, one set of multiplexed streams may have a combined bitrate approaching 40 Mbits/sec (or 16 Gbytes/hr); two sets, a combined bitrate of 80 Mbits/sec (or 32 Gbytes/hr) as indicated in FIG. 3. Accordingly, the mass storage device 360 of this embodiment is equipped with sufficient storage capacity and read-write bandwidth to store and process the multiplexed signal(s). More specifically, the mass storage device 360 in one embodiment is coupled to the system via an Ultra DMA-66/Ultra ATA-66 or faster interface (capable of supporting a throughput of at least 528 Mbits/sec), and has a storage capacity of 80 Mbytes or greater. It should be noted, however, that the particular interface type/speed and drive storage capacity is not pertinent to the underlying principles of the invention. For example, various different interfaces such as Small Computer System Interface (“SCSI”) may be used instead of the Ultra-ATA/Ultra DMA interface mentioned above, and various different drive capacities may be employed for storing the incoming digital content.

[0029] Storing content from multiple channels/streams on the mass storage device 360 in the foregoing manner provides numerous advantages over prior systems. More specifically, one embodiment of the invention uses the content stored in the multi-stream buffers 360, 361 to provide trick modes and other short term storage functions for all channels within the statistically-multiplexed group. For example, if a two-hour multi-stream buffer 361 is established, as indicated in the program guide 600 shown in FIG. 6, a user may pause any channel for up to two hours or rewind any channel back two hours (e.g., at 11:15 PM the user can rewind any channel back to 9:15 PM). Accordingly, if the user watching Program B on HBO East (PIDs 1-5 in the example) at 11:15, and decides to watch Program F from the beginning on the HBO Family channel (PIDs 11-15 in the example), and indicates so by choosing Program F via a remote control device or cursor control device, selection logic 350 will direct the PID filter module 340 to extract Program F from the multi-stream buffer 361. In this manner, the user will be able to view Program F in its entirety even though the broadcast of Program F started approximately 1{fraction (1/2 )} hours earlier. Similarly, users may select programs on any of the other channels (e.g., Program L on Cinemax® East) broadcast up to two hours earlier. It should be noted that a two-hour buffer is described above merely for the purpose of illustration. Various alternate buffer sizes may be employed while still complying with the underlying principles of the invention.

[0030] One embodiment of the invention demultiplexes the incoming multimedia streams before storing them to a multi-stream buffer on the mass storage device 460. As illustrated in FIG. 4, this embodiment includes one or more multistream PID filter modules 440, 441 which extract the multimedia streams from the multiplexed signal and store them on the mass storage device 460 separated from one another. Thus, as illustrated in greater detail in FIG. 5, if the input to PID filter module 441 is a set of ‘n’ multiplexed streams, then the output will be ‘n’ independent, demultiplexed streams stored in a demultiplexed multi-stream buffer 502. Storage buffers 445, 446 may be used by each of the multi-stream PID filters 440, 441, respectively, to construct a portion of each stream (e.g., several Kbytes) before storing the portion to the mass storage device 460. This will avoid excessive seeking of the mass storage device 460 (e.g., which would result if the storage device 460 were configured to write a small amount of data such as a single PID packet for each stream at a time).

[0031] Selection logic 550, responsive to a user request to view a particular program (e.g., via remote control and/or cursor control device), will direct the decoder module 171 to read and decode one of the streams (i.e., the streams associated with PIDs 2-3 and 101-102 in the example) for rendering on a television or other display device 136. The same operations may be performed on a separate group of ‘m’ multiplexed streams extracted by multi-stream PID filter module 440.

[0032] As indicated in FIG. 5, each of the embodiments described herein may also employ a long term storage buffer 500 for recording programs specified by a user (e.g., similar to the long-term recording functionality of a VCR). In one embodiment, if a user selects a program for recording while the program is already in progress, the program content already stored in one of the demultiplexed multi-stream buffers will be transferred to the long term storage buffer 500 as well as any new program content. Alternatively, or in addition, the program content may simply be reclassified as long term storage content by changing the classification of its directory entry on the storage device rather than moving the content itself.

[0033] One benefit of separating the streams before storing them in the foregoing manner is that, in one embodiment, a user will be able to watch any program currently being broadcast from the beginning (i.e., the system will record back on each channel to the last complete program). Thus, as illustrated in the program guide 500 of FIG. 7, at 11:15 a user may watch program N on HBO Signature (PIDs 31-35 in the example) from the beginning even though the program started at 8:30. Similarly, the user may watch each of programs B, D, F, G, J and F from start to finish.

[0034] In one embodiment, a user may configure different buffer sizes for different channels. For example, a user who regularly watches a number of shows on HBO may decide to establish a large (e.g., 6 hour) buffer for that channel (e.g., by programming the system using a remote control, mouse or other cursor control device), whereas the same user may configure smaller buffers for channels which the user does not watch regularly (e.g., CSPAN). In one embodiment, the system will actively monitor the user's preferences and set larger buffer sizes based on which channels the user views the most frequently and/or the times/days during which the user views the channels. Various other buffer configuration schemes may be employed while still complying with the underlying principles of the invention.

[0035] It should be noted that various system functions described herein (e.g., the selection logic 350, 450, 550 used to select a particular multimedia stream; the PID filtering; the buffer settings; . . . etc) may be embodied in software executed by the CPU 125. Alternatively, or in addition, these functions may be embodied in any combination of hardware (e.g., an application-specific integrated circuit (“ASIC”)), software and/or firmware while still complying with the underlying principles of the invention.

[0036] Using the improved buffering techniques described above, one embodiment of the invention provides users with a listing of all currently available programs from which they may select (e.g., those programs which may be viewed in their entirety). As illustrated in FIG. 8, one embodiment of the program listing is provided in the form of an interactive graphical user interface (“GUI”). The user may select a particular program listing by moving a highlight bar 803 through the listings using a cursor control device such as a remote control, keyboard or mouse. When the highlight bar 803 is highlighting the program entry which the user wishes to view, the user may select the program entry by clicking the enter key on the keyboard/remote or the select button on a mouse.

[0037] Each program entry in the particular embodiment illustrated in FIG. 8 includes a video portion 800 and an informational portion 801. The video portion in one embodiment is a thumbnail of the actual video content provided over the cable/satellite channel. For example, if the first entry in the program list shown in FIG. 8 is HBO, then the video portion 800 of the entry will contain actual HBO video content. As a user moves through the various program entries, in one embodiment, the audio associated with that entry will also be generated. Moreover, in one embodiment, the system will display various types of user-specified broadcast content including, for example, live content (i.e., the program as it is currently being broadcast by HBO), recorded content (e.g., the first few minutes of the movie), or previews of the program (e.g., movie trailers). The underlying principles of the invention remain the same regardless of the type of content transmitted to the video portion 800 of the program entry.

[0038] Rendering audio/video content from each of the cable/satellite channels is simplified using embodiments of the present invention because the full set of multiplexed streams/channels are transmitted to the mass storage device and are accessible by the decoder modules 170, 171. Such a configuration was not possible in prior systems which only transmit one or two de-multiplexed streams to the mass storage device and decoder modules.

[0039] In one embodiment, a selection region 805 will be provided for each program entry. If a user decides that he/she would like the program entry associated with the selection region 805 to be saved, the user may simply place a check mark (or other mark) in the selection region corresponding to that entry using a remote control or other cursor control device. The system will then store the program in long term storage and/or reclassify the content as long term content as described herein. If the embodiment shown in FIG. 3 is employed, one embodiment of the invention will depacketize/demultiplex the selected program and save the program back to the mass storage device 360 (e.g., in either a packetized or a depacketized format). If the user does not wish to view the program immediately, this operation may be accomplished as a background task using the PID filters 340, 341 or other extraction software executed on the CPU 125.

[0040] The information portion 801 of the program entry may include various types of program-related data including, for example, the title and year of the movie (if the program is a movie), program reviews, and/or actors in the program, to name a few. In one embodiment, the program-related data includes links to additional information. For example, the links may be network addresses such as uniform resource locators (“URLs”) which point to additional data stored on a network (e.g., the Internet). In response to a user selecting a URL (e.g., via a cursor control device), additional data addressed by the URL may be downloaded to the system and displayed to the user. Accordingly, this embodiment of the system is equipped with a modem or other device for providing two-way communication over the Internet or other network (e.g., the cable/satellite provider's network). Various types of modems may be employed including digital subscriber line (“DSL”) modems, cable modems, and plain old telephone system (“POTS”) dial up modems (i.e., depending on the particular type of communication channel used by the system). Of course, the type of modem used to support interactive communication is not pertinent to the underlying principles of the invention.

Wideband Implementations

[0041] In one embodiment of the invention, illustrated in FIG. 9, a wideband tuner 910 is configured in to lock on to several groups of multiplexed streams at once as opposed to just a single group. In the illustrated embodiment, the wideband tuner 910 is comprised of an analog-to-digital (“A/D”) converter 920 for receiving and digitizing numerous incoming streams—potentially all streams transmitted by a particular cable/satellite provider (e.g., over a 1 GHz frequency range); a multi-pass filter 930 which divides the digitized wideband signal into a plurality of discrete frequency bands (e.g., bands of 100 MHz); and a wideband QAM/DPSK module 935 which individually demodulates the content from each of the discrete frequency bands to reproduce all of the multiplexed multimedia streams. In one embodiment, the QAM/DPSK module 935 is comprised of a series of digital signal processors (“DSPs”) (e.g., one DSP per frequency band), each programmed with a QAM function for performing QAM demodulation and/or a DPSK function for performing DSPK demodulation. In addition, the DSPs may perform other functions such as signal equalization and noise filtering. In one embodiment, the DSPs operate under the control of the system's CPU 125 (e.g., the CPD executes software comprising the QAM/DPSK functions).

[0042] All of the groups of multiplexed streams (which, as indicated in FIG. 9, may include 500 or more PIDs), are transmitted through a wideband PID selector 940 which, in response to selection logic 450, selects a subset of all the multiplexed PIDs for storage on the mass storage device 460. The particular number of PIDs selected by the PID selector 940 may vary depending on the preferences of the user and/or the capabilities of the mass storage device 460 (e.g., the device's bandwidth and storage capacity). For example, in one embodiment, users may be prompted to select a set of “favorite” channels to be continually buffered on the mass storage device 460 (whereas the user's non-“favorite” channels will not be buffered, or will only be buffered for a limited time period). To support the increased storage and bandwidth requirements of the several sets of additional streams, one embodiment of the invention includes one or more additional mass storage devices (e.g., connected through a multi-drive high speed communication interface such as UDMA or SCSI).

[0043] In one embodiment, a PID demultiplexer 945 demultiplexes/depacketizes the streams selected by the wideband PID selector before storing them on the mass storage device 460. Alternatively, or in addition, the streams may initially be stored in a multiplexed format on the mass storage device and the PID depacketizer 945 may extract PID packets only when a user decides to watch/record a particular program (e.g., as described above with respect to the embodiment shown in FIG. 3). Once selected by a user, the stream is then transmitted through a decoder module 170 for MPEG-2 decoding (or other type of decoding, depending on how the stream was initially encoded) and to a display 135. Although illustrated above as two separate modules, it will be appreciated that the functionality of the PID demultiplexer 945 and wideband PID selector 940 may be combined within a single module.

[0044] In one embodiment, a separate set of analog modules 911 may be included in the system to process and store legacy analog broadcasts. The analog components may include an analog tuners 902 for receiving the analog broadcast at a particular frequency, a decoder/digitizer module 904 for decoding and performing A/D conversion on the analog signal, and a compression module 906 for compressing the signal before storing it to the mass storage device 460.

[0045] In one embodiment, the digital components may be configured to provide the analog functionality just described. For example, the DSPs within the QAM/DPSK module 935 may be programmed with an NTSC or PAL demodulation function for demodulating the incoming analog signal 901 (i.e., after the signal is digitized via the A/D converter).

Conditional Access Embodiments

[0046] In order to prevent users from viewing multimedia content which they do not have the right to view (e.g., subscription based channels, pay-per-view channels, . . . etc) the multimedia content is frequently encrypted using a series of encryption keys before being transmitted. Accordingly, multimedia systems are generally equipped with conditional access (“CA”) subsystems for decrypting the incoming multimedia content.

[0047]FIG. 10 illustrates a CA module 1010 decrypting an incoming multimedia stream 1030 to produce a decrypted multimedia stream 1035, which is then decoded by decoder 170 (e.g., using an MPEG-2 decoder) and rendered on a television display 135. The decryption keys 1025 used to decrypt the multimedia content are transmitted to the CA module 1010 from a secure micro unit 1020. Because the keys used to encrypt the multimedia stream typically change every few seconds, these key changes must be synchronized at the secure micro 1020 and CA modules 1010. Accordingly a key selection data stream 1040 (also referred to herein as the “PID:CA” stream or “conditional access data”) is provided to the secure micro unit 1020 so that it knows precisely which key to transmit to the CA module 1010 at a given point in time.

[0048] As a result of the CA subsystem, if the incoming multimedia stream is stored in an encrypted format on a mass storage device, the decryption key changes associated with that multimedia stream must also be stored (i.e., so that when a user selects the stream, the secure micro will provide CA module with the decryption keys required to decrypt the stream). Prior systems deal with this problem simply by decrypting the multimedia stream before it is stored. However, storing decrypted content on a long term storage device in this manner leaves the copyright holder of the content exposed to unauthorized copying. In addition, because CA subsystems are typically only capable of decrypting one stream at a time, this configuration only provides for storage of only a single stream per CA module.

[0049] One embodiment of a system for concurrently processing decryption keys for multiple streams is illustrated in FIG. 11. Like prior embodiments, this embodiment includes one or more tuners 1020, 1021 for locking on to multimedia stream within a specified carrier frequency and one or more QAM and/or DPSK demodulators 1030, 1031 for demodulating the multimedia stream.

[0050] Unlike prior systems, however, the illustrated embodiment stores the PID:CA key selection data 1145 identifying the keys 1146 to be supplied by the secure micro 1160 to the CA modules 1170, 1171 for each multimedia stream, as well as timing data indicating the points in time at which each portion of the multimedia stream and associated key selection data 1145 were received/stored on the system (or alternatively, the points in time at which the stream/content was transmitted). When a user subsequently chooses a particular multimedia stream for playback, the secure micro 1160 uses the key selection data PID:CA 1145 for that stream to provide the correct series of keys to the CA modules 1170, 1171 for decryption of the selected stream. As in the embodiments described above, the user may be able to watch any program stored on the mass storage device for a predetermined buffer period or from the beginning (e.g., as described above with respect to FIGS. 6 and 7, respectively). In one embodiment, stream selection logic 1155 (embodied in hardware or software executed by the CPU 1185) will select the correct multimedia stream and PID:CA stream at the correct point in time (e.g., using techniques described in greater detail below) responsive to the user's selection (e.g., via a remote control or a cursor control device). Once the multimedia stream is decrypted by one of the CA modules 1170, 1171, one or more decoder modules 1180 then decode the stream using an appropriate codec (e.g., MPEG-2) and transmit the decoded stream to a display 135.

[0051] Identifying the correct points in time within the multimedia stream to begin playback is complicated by the fact that MPEG-2 data (as well as other types of encoded multimedia content) is not typically received by the system at a steady rate. For example, a portion of an MPEG-2 stream which contains significant movement between each of the image frames (e.g., a video of an explosion) will typically consume significantly more bandwidth than a portion of an MPEG-2 stream that contains little or no movement. Thus, as illustrated in FIG. 12, four 1-second portions (1211, 1212, 1213, 1214) of the incoming multimedia stream 1210 may occupy different amounts of space on the mass storage device. As such, in one embodiment of the system, an index of timing data 1200 is provided so that the stream selection logic 1155 can accurately locate where on the hard drive to start decrypting/rendering the multimedia stream in response to a user request to play back a particular program. Included within the index 1200 is a series of address pointers 1201-1204, each associated with a timestamp (labeled 8:00:00 through 8:00:03). In operation, if a user selects a stored program which started at 8:00, for example, the stream selection logic 1155 will identify the 8:00:00 timestamp within the index 1200 and will start decrypting/playing the program stream back from the address identified by pointer 1201.

[0052] In one embodiment, the stream selection logic 1155 will also identify the appropriate point within the PID:CA stream from which to read the necessary key changes. In one embodiment, a separate set of pointers to the PID:CA stream may be included within the timestamp index 1200 or, alternatively, within a separate PID:CA index (not shown). Alternatively, the conditional access data PID:CA may be stored directly within the index 1200. However, in an embodiment in which the PID:CA stream is not encrypted and/or is transmitted at a steady rate (e.g., 1 Mbit/sec), address pointer entries to the PID:CA stream may not be required (i.e., the selection logic will be able to accurately identify where to read from the PID:CA stream without the need for an index).

[0053] In one embodiment, the timing index 1200 is transmitted along with the multiplexed multimedia streams in the form of an additional PID stream (e.g., a PID:INDEX stream transmitted from the head-end or uplink satellite that feeds the head-end). In other words, in this embodiment, the organization providing the source material (e.g., the cable or satellite provider) will generate and transmit the index to the end user's system.

[0054] However, if the content provider does not transmit the index, one embodiment of the system will construct the index 1200 as the multimedia streams are received and written to the mass storage device. For example, index/timestamp generation logic executed by the CPU 1185 (or embodied in hardware) may be configured to generate a new timestamp entry every 1/100 of a second and continuously store the results to the mass storage device 1140. However, it should be noted that the particular frequency with which timestamp entries are generated is not pertinent to the underlying principles of the invention.

[0055] As illustrated in FIG. 13, an MPEG-2 stream 1310 is comprised of a series of I-frames separated by B-frames and P-frames. MPEG-2 uses similar DCT-based intraframe coding as the JPEG standard for each of the I-frames, but compresses the intervening video content by encoding only the differences between periodic I-frames within the B-frames and P-frames. Accordingly, it would be preferable if the pointers 1201-1204 contained in the timestamp index 1200 pointed to I-frames within the MPEG-2 stream rather than B or P frames (i.e., because the B and P frames are meaningless outside of the context of the two I-frames they connect). Accordingly, if the timestamp index is generated by the organization providing the source material, each of the pointers 1201-1204 should be selected to point to I-frames within the MPEG-2 stream.

[0056] If, however, the timestamp index 1200 is generated by the system, as described above, then the pointers 1201-1204 may not necessarily point to an I-frame. Accordingly, in one embodiment of the invention, if a stream is played back from an address pointer which does not point to an I-frame (e.g., such as pointer 1201 in FIG. 13) then it will decrypt/decode the stream up until it reaches an I-frame and will begin playback from that point. For example, in FIG. 13, the system will begin decrypting the stream at the point identified by pointer 1201 (in the middle of B & P frames 1302) but playback would not start until the decryption process reached I-frame 1303. In one embodiment, the system identifies the I-frame 1303 by decrypting its I-frame header.

[0057] Similar techniques may also be employed to allow users to fast-forward through the multimedia content. More specifically, in response to a fast forward command, one embodiment of the system will display a series of I-frames in succession. Depending on the speed at which the fast forward is set to, this embodiment may jump several I-frames at once (as described in greater detail below). If the timestamp index described above contains pointers which point directly I-frames, then the I-frames will be identified directly via the index.

[0058] If, however, the index is constructed as the multimedia stream is received, then jumping from one I-frame to the next may not be entirely accurate because the number of B and P frames between each I-frame and the data contained within each B and P frame is not consistent. Accordingly, as illustrated in FIG. 14, when a user selects fast forward, one embodiment of the system will estimate the jump from the current I-frame 1301 to the next I-frame 1303 based on the speed of fast forward request and/or the estimated time between each I-frame. In one embodiment, the system will perform a lookup in the timestamp index 1200 to make the jump. Alternatively, or in addition, the jump may be based on the assumption that during standard playback, a new I-frame is decided approximately every 1/2 second. The underlying principles of the invention remain the same regardless of how the jump to the next I-frame is estimated.

[0059] Regardless of how the jump is estimated, once it occurs, one embodiment will then begin decrypting the stream using the decryption key data PID:CA 1145 associated with that point in time, until the decryption process reaches the desired I-frame 1303. Once the I-frame 1303 is reached, it is decrypted, decoded and rendered on the display. The same techniques may then be employed for the estimated jump to the next I-frame 1305. The system may identify each of the I-frames by decrypting their respective I-frame headers.

[0060] If one embodiment, if the jump lands in the middle of the next I-frame as illustrated in FIG. 14 (as the jump from I-frame 1305 to 1307, then one embodiment of the invention will decrypt the stream backwards until it reaches the beginning of I-frame 1307. The system may identify the middle of an I-frame by the presence of I-frame data rather than B or P frame data (e.g., DCT intra-frame data rather than inter-frame motion data).

[0061] If the speed of the fast forward request is set high enough the secure micro unit 1160 may be required to provide a new decryption key with each jump. Accordingly, one problem which may result is that the secure micro 1160 may not be capable of providing decryption keys to the CA module 1170 quickly enough (e.g., the secure micro may only be capable of supplying a new key every 1/3 second). If this is the case, then one embodiment of the invention will continue to display the current I-frame until a new key can be generated as it jumps over several I-frames at a time. In this manner, decryption will take place as quickly as the secure micro unit 1160 can generate new keys.

[0062] As the multimedia stream is decrypted during playback, one embodiment of the invention will store the decrypted stream back to the mass storage device 1140, thereby replacing the encrypted multimedia data. At this time an I-frame index can be written to the storage device 1140 as well. Accordingly, if a user subsequently decides to rewind to a particular point within the multimedia stream, or decides to watch the program a second time, the foregoing I-frame identification techniques may no longer be required (i.e., because the stream will have been decrypted and an I-frame index may be available). In addition, in one embodiment, as soon as the user begins watching a particular multimedia stream, the system will run ahead of stream playback, decrypting the stream as quickly as it can (generally dictated by how quickly the secure micro unit 1160 can supply keys) and storing the decrypted stream back to the mass storage device. Using this technique an entire movie may be completely decrypted during the first several minutes of playback. Accordingly, if the user subsequently chooses to fast-forward through the movie, the I-frame identification techniques described above will not be required.

[0063] In one embodiment, any multimedia programs which the user designates for long term storage (e.g., by checking the selection region 805 corresponding to the program as illustrated in FIG. 8), will be decrypted in the background by software executed on the CPU 1185 and/or using dedicated decryption hardware. This embodiment may be required in cases where the decryption keys provided by the cable/satellite provider expire after a predetermined period of time (i.e., and therefore could not be used to decrypt the multimedia programs after a predetermined time has elapsed).

[0064] In order to protect the copyright holders' rights in the multimedia content stored on the mass storage device 1140, one embodiment of the invention will employ additional encryption techniques once the multimedia content has been decrypted. For example, one embodiment of the system delivers a unique key to the mass storage device 1140 as soon as the system is powered up. This technique is available today on many current Ultra-ATA hard drives. If the wrong key is transmitted a predetermined number of times, the hard drive will render the data stored thereon inaccessible (e.g., in one embodiment the hard drive will format itself). Accordingly, an individual who steals the mass storage device 1140 will be unable to access the multimedia content.

[0065] In addition, in one embodiment, after the multimedia content is decrypted using keys supplied by the secure micro 1160, one embodiment will re-encrypt the content using one or more known encryption algorithms. For example, in one embodiment, Data Encryption Standard (“DES”) encryption will be applied to the multimedia content before storing it back to the mass storage device 1141. As is known in the art, DES is a NIST-standard secret key cryptography method that uses a 56-bit key. It will be appreciated, however, that various other encryption algorithms may be employed while still complying with the underlying principles of the invention. However, one benefit of using DES encryption is that many MPEG-2 decoder chips have the DES encryption function built in (e.g., such as the AViA-9600 from C-Cube Microsystems, Inc). As such, if the system is equipped with an MPEG-2 decoder, no additional hardware will be required, thereby reducing system costs.

[0066] In one embodiment, illustrated in FIG. 15, a network interface 1500 is configured in the system to provide communication to a remote multimedia node 1510 (also equipped with a network interface 1505). Various different networking protocols/standards, both wired (e.g., Ethernet) and wireless (e.g., 802.11b), be employed to support the communication between the various nodes.

[0067] The format in which multimedia content is transmitted to the multimedia node 1510 may depend on the node's capabilities. For example, in one embodiment, the node 1510 is equipped with its own conditional access module and secure micro unit (not shown). Accordingly, in this embodiment, multimedia streams requested by the remote node 1510 may be transmitted in an encrypted format along with the associated key selection data PID:CA. By contrast, in one embodiment the remote node 1510 may not be equipped with conditional access functionality. As such, in this embodiment, the multimedia content will be decrypted before being transmitted. In order to protect unauthorized access to the multimedia content (e.g., by an unauthorized user listening on the network), one embodiment will re-encrypt the stream before transmitting it to the remote node 1510 using an encryption format which the remote node can employ in real time (e.g., DES encryption). Various other techniques may be used to provide secure communication with the remote node 1510 while still complying with the underlying principles of the invention (e.g., communication may be encrypted using Secure Sockets Layer (“SSL”) encryption).

[0068] Embodiments of the invention may include various steps, which have been described above. The steps may be embodied in machine-executable instructions which may be used to cause a general-purpose or special-purpose processor to perform the steps. Alternatively, these steps may be performed by specific hardware components that contain hardwired logic for performing the steps, or by any combination of programmed computer components and custom hardware components.

[0069] Elements of the present invention may also be provided as a computer program product which may include a machine-readable medium having stored thereon instructions which may be used to program a computer (or other electronic device) to perform a process. The machine-readable medium may include, but is not limited to, floppy diskettes, optical disks, CD-ROMs, and magneto-optical disks, ROMs, RAMs, EPROMs, EEPROMs, magnet or optical cards, propagation media or other type of media/machine-readable medium suitable for storing electronic instructions. For example, the present invention may be downloaded as a computer program product, wherein the program may be transferred from a remote computer (e.g., a server) to a requesting computer (e.g., a client) by way of data signals embodied in a carrier wave or other propagation medium via a communication link (e.g., a modem or network connection).

[0070] Throughout this detailed description, for the purposes of explanation, numerous specific details were set forth in order to provide a thorough understanding of the present invention. It will be apparent, however, to one skilled in the art that the system and method may be practiced without some of these specific details. For example, although the description above focuses on MPEG-2 as the preferred compression algorithm, various other compression algorithms may be employed to compress/decompress multimedia content while still complying with the underlying principles of the invention (e.g., MPEG-4 , RealVideo® 8, . . . etc).

[0071] In other instances, well known structures and functions were not described in elaborate detail in order to avoid obscuring the subject matter of the present invention. For example, although not illustrated, it will be appreciated that various levels of buffering may be included in the embodiments described herein. For example, in the embodiment illustrated in FIG. 11, buffers (e.g., SDRAM, RDRAM, . . . etc) may be configured between the QAM/DPSK modules 1130, 1131 and the mass storage device 1140 and/or between the mass storage device 1140 and the PID filters 1150, 1151. In fact, buffers may be provided in this manner between any of the system modules in order to improve system performance. The buffers may be separate, independent modules and/or may be assigned blocks of addressable space within a single unified memory (e.g., a RAM module shared between the CPU 1185 and other system components). The underlying principles of the invention remain the same regardless of which types of buffers are used.

[0072] Accordingly, the scope and spirit of the invention should be judged in terms of the claims which follow. 

What is claimed is:
 1. A computer-implemented method comprising: storing a first encrypted multimedia stream on a storage device as said stream is broadcast by a content provider; storing a stream of conditional access data on said storage device, said stream of conditional access data associated with said multimedia stream; and decrypting said first encrypted multimedia stream from a specified point within said encrypted multimedia stream using said stream of conditional access data, responsive to a user request to play back said encrypted multimedia stream from said specified point.
 2. The computer-implemented method as in claim 1 wherein decrypting further comprising: reading conditional access data from said stream of conditional access data from said specified point concurrently with reading said first encrypted multimedia stream from said specified point, said conditional access data identifying successive keys for decrypting corresponding successive portions of said first encrypted multimedia stream.
 3. The method as in claim 2 further comprising: providing said successive keys identified by said conditional access data to a conditional access module wherein said conditional access module uses said successive keys to decrypt corresponding successive portions of said first encrypted multimedia stream to produce a first decrypted multimedia stream.
 4. The method as in claim 3 further comprising: decoding said first decrypted multimedia stream using a specified codec.
 5. The method as in claim 4 wherein said specified codec is MPEG-2.
 6. The method as in claim 2 wherein a secure micro unit provides said successive keys to said conditional access module responsive to reading said conditional access data.
 7. The method as in claim 1 further comprising: storing a second encrypted multimedia stream on said storage device at the same time as said first encrypted multimedia stream is stored to said storage device, wherein said stream of conditional access data contains conditional access data associated with said second encrypted multimedia stream as well as said first multimedia stream; decrypting said second encrypted multimedia stream using said stream of conditional access data responsive to a user request to play back said second encrypted multimedia stream from a specified point within said second encrypted multimedia stream.
 8. The method as in claim 7 wherein said first and second multimedia streams are stored on said storage device in a multiplexed format.
 9. The method as in claim 8 wherein said multiplexed format comprises a series of packets containing multimedia data for said first and second multimedia streams.
 10. The method as in claim 1 further comprising: performing a lookup in a timestamp index using a specified point in time to identify said specified point within said first encrypted multimedia stream to begin decrypting.
 11. The method as in claim 10 wherein said timestamp index is comprised of a set of timestamps and corresponding address pointers, said address pointers identifying said specified point within said first encrypted multimedia stream from which to begin decryption.
 12. The method as in claim 10 wherein said timestamp index is transmitted by said content provider.
 13. The method as in claim 11 wherein said address pointers point to I-frames within said multimedia stream.
 14. The method as in claim 10 further comprising: generating said timestamp index in real time as said first encrypted multimedia stream is received.
 15. The method as in claim 14 further comprising: identifying an I-frame within said first encrypted multimedia stream by decrypting said first encrypted multimedia stream from said specified point in time until an I-frame is reached.
 16. The method as in claim 15 further comprising: decrypting and decoding said I-frame as well as any B and P frames following said I-frame; and rendering said multimedia stream on a display beginning with said I-frame.
 17. An apparatus for processing multimedia streams and conditional access data comprising: a mass storage device to store a first encrypted multimedia stream and associated conditional access data; and selection logic to identify a first subset of said conditional access data to be used to decrypt said first encrypted multimedia stream from a specified point within said first encrypted multimedia stream.
 18. The apparatus as in claim 17 further comprising: a conditional access module to decrypt said first encrypted multimedia stream using said first subset of conditional access data.
 19. The apparatus as in claim 17 further comprising: a secure micro unit to read said first subset of conditional access data and identify a series of decryption keys responsive thereto; and a conditional access module to use said series of decryption keys to decrypt said first encrypted multimedia stream from said specified point within said encrypted multimedia stream.
 20. The apparatus as in claim 17 wherein said mass storage device stores a second encrypted multimedia stream and wherein said selection logic identifies a second subset of said conditional access data to be used to decrypt said second encrypted multimedia stream from a specified point within said second encrypted multimedia stream.
 21. The apparatus as in claim 20 further comprising: a conditional access module to decrypt said first and second encrypted multimedia streams using said first and second subsets of conditional access data, respectively.
 22. The apparatus as in claim 21 further comprising: a secure micro unit to read said first and second subsets of conditional access data and identify a first and second series of decryption keys responsive thereto; and a conditional access module to use said first and second series of decryption keys to decrypt said first and second encrypted multimedia streams from said specified points within said first and second encrypted multimedia stream.
 23. The apparatus as in claim 20 further comprising a multi-stream PID filter module to demultiplex said first multimedia stream from said second multimedia stream prior to rendering said first multimedia stream on said display.
 24. The apparatus as in claim 23 wherein said multi-stream PID filter demultiplexes said first multimedia stream from said second multimedia stream prior to storing said first and second multimedia streams on said storage device.
 25. The apparatus as in claim 17 further comprising: a timestamp index used by said selection logic to identify said first specified point within said first encrypted multimedia stream to begin decrypting.
 26. The apparatus as in claim 25 wherein said timestamp index is comprised of a set of timestamps and corresponding address pointers, said address pointers identifying said first specified point within said first encrypted multimedia stream from which to begin decryption.
 27. The apparatus as in claim 25 wherein said timestamp index is transmitted by said content provider.
 28. The apparatus as in claim 26 wherein said address pointers point to I-frames within said multimedia stream.
 29. The apparatus as in claim 25 further comprising: timestamp index generation logic to generate said timestamp index in real time as said first encrypted multimedia stream is received from a content provider.
 30. The apparatus as in claim 29 further comprising: I-frame identification logic to identify an I-frame within said first encrypted multimedia stream by decrypting said first encrypted multimedia stream from said specified point in time until an I-frame is reached.
 31. The apparatus as in claim 30 wherein once said I-frame identification logic identifies said I-frame, said conditional access module decrypts said first encrypted multimedia stream from said I-frame onward, said apparatus further comprising: a decoder for decoding said first encrypted multimedia stream from said I-frame onward; and a display for rendering said first encrypted multimedia stream.
 32. An article of manufacture including a sequence of instructions which, when executed by a machine, cause said machine to perform the operations of: storing a first encrypted multimedia stream on a storage device as said stream is broadcast by a content provider; storing a stream of conditional access data on said storage device, said stream of conditional access data associated with said multimedia stream; and decrypting said first encrypted multimedia stream from a specified point within said encrypted multimedia stream using said stream of conditional access data, responsive to a user request to play back said encrypted multimedia stream from said specified point.
 33. The article of manufacture as in claim 32 wherein decrypting further comprising: reading conditional access data from said stream of conditional access data from said specified point concurrently with reading said first encrypted multimedia stream from said specified point, said conditional access data identifying successive keys for decrypting corresponding successive portions of said first encrypted multimedia stream.
 34. The article of manufacture as in claim 33 including additional instructions which, when executed by said machine, cause said machine to perform the operations of: providing said successive keys identified by said conditional access data to a conditional access module wherein said conditional access module uses said successive keys to decrypt corresponding successive portions of said first encrypted multimedia stream to produce a first decrypted multimedia stream.
 35. The article of manufacture as in claim 34 including additional instructions which, when executed by said machine, cause said machine to perform the operations of:: decoding said first decrypted multimedia stream using a specified codec.
 36. The article of manufacture as in claim 35 wherein said specified codec is MPEG-2.
 37. The article of manufacture as in claim 33 wherein a secure micro unit provides said successive keys to said conditional access module responsive to reading said conditional access data.
 38. The article of manufacture as in claim 32 including additional instructions which, when executed by said machine, cause said machine to perform the operations of: storing a second encrypted multimedia stream on said storage device at the same time as said first encrypted multimedia stream is stored to said storage device, wherein said stream of conditional access data contains conditional access data associated with said second encrypted multimedia stream as well as said first multimedia stream; decrypting said second encrypted multimedia stream using said stream of conditional access data responsive to a user request to play back said second encrypted multimedia stream from a specified point within said second encrypted multimedia stream.
 39. The article of manufacture as in claim 38 wherein said first and second multimedia streams are stored on said storage device in a multiplexed format.
 40. The article of manufacture as in claim 39 wherein said multiplexed format comprises a series of packets containing multimedia data for said first and second multimedia streams.
 41. The article of manufacture as in claim 32 including additional instructions which, when executed by said machine, cause said machine to perform the operations of: performing a lookup in a timestamp index using a specified point in time to identify said specified point within said first encrypted multimedia stream to begin decrypting.
 42. The article of manufacture as in claim 41 wherein said timestamp index is comprised of a set of timestamps and corresponding address pointers, said address pointers identifying said specified point within said first encrypted multimedia stream from which to begin decryption.
 43. The article of manufacture as in claim 41 wherein said timestamp index is transmitted by said content provider.
 44. The article of manufacture as in claim 42 wherein said address pointers point to I-frames within said multimedia stream.
 45. The article of manufacture as in claim 41 including additional instructions which, when executed by said machine, cause said machine to perform the operations of: generating said timestamp index in real time as said first encrypted multimedia stream is received.
 46. The article of manufacture as in claim 45 including additional instructions which, when executed by said machine, cause said machine to perform the operations of: identifying an I-frame within said first encrypted multimedia stream by decrypting said first encrypted multimedia stream from said specified point in time until an I-frame is reached.
 47. The article of manufacture as in claim 46 including additional instructions which, when executed by said machine, cause said machine to perform the operations of: decrypting and decoding said I-frame as well as any B and P frames following said I-frame; and rendering said multimedia stream on a display beginning with said I-frame.
 48. A method comprising: receiving a request to play back an encrypted multimedia stream stored on a mass storage device, said request including a point in time from which said encrypted multimedia stream is to be played; performing a lookup in a timestamp index to identify an address pointer identifying a point within said encrypted multimedia stream corresponding to said point in time; and decrypting said encrypted multimedia stream from said point within said multimedia stream.
 49. The method as in claim 48 further comprising: generating a timestamp index in real time as said encrypted multimedia stream is being stored on said mass storage device.
 50. The method as in claim 48 further comprising: receiving said timestamp index from a content provider providing said multimedia stream.
 51. The method as in claim 48 further comprising: if said address pointer identifies a point within said encrypted multimedia stream which is not an I-frame, decrypting said encrypted multimedia stream until an I-frame is reached; and decrypting, decoding and rendering said encrypted multimedia stream on a display from said I-frame onward.
 52. The method as in claim 48 further comprising: receiving a request to fast-forward through said encrypted multimedia stream; and decrypting, decoding and displaying a series of I-frames in succession in response to said fast-forward request, said I-frames being decrypted, decoded and displayed at a rate based on a selected speed of said fast-forward request.
 53. The method as in claim 52 wherein said I-frames are identified by estimating a location of a next successive I-frame; jumping to said estimated location; decoding said decrypted multimedia stream from said location onward until said next successive I-frame is reached; and decrypting, decoding and displaying said next successive I-frame.
 54. The method as in claim 52 further comprising: decrypting I-frames as quickly as decryption keys can be generated if said selected speed of said fast forward request exceeds a maximum speed at which said decryption keys can be generated.
 55. The method as in claim 52 further comprising: jumping past one or more successive I-frames before a next I-frame is decrypted. 